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DETAILED ACTION 

1. Dependent claims 13, 15, 19, 21 have been canceled. New independent 
claims 36-39 have been added. Claims 1-12, 14, 16-18, 20, 22-39 remain for 
examination. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

3. Claims 1-3, 33-35 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Arrow et al. (U.S. Patent No. 6,175,917). 

Referring to claim 1 : 

Arrow et al. teach: 

Receiving a first request at the operating system from the application 
programs to initiate a communication with a remote unit (see figure 1, element 140; 
column 6, lines 8-23, and column 7, lines 7-12 of Arrow et al.); 

Providing a second request from the operating system to a security offload 
component which perform a security offload processing, the second request directing 
the security offload component to secure the communication with the remote unit (see 
figure 1, elements 140, 145; column 6, lines 8-23, and column 7, lines 7-12 of Arrow et 
al.); 
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Providing a control function in the operating system for initiating operation 
of the security handshake processing by the security offload component (see figure 1, 
elements 140, 145; column 6, lines 8-23, and column 7, lines 7-12 of Arrow et al.). 
Referring to claim 2 : 

Arrow et al. teach the claimed subject matter: providing a security offload 
component which performs security handshake, and a control (see claim 1 above). 
Arrow et al. further disclose executing the provided control function, thereby initiating 
operation of the security handshake processing (see column 9, lines 11-17 of Arrow et 
al.). 

Referring to claim 3 : 

Arrow et al. teach the claimed subject matter: providing a security offload 
component which performs security handshake, and a control (see claim 1 above). 
Arrow et al. further disclose that the operating system maintains control over operations 
of the security handshake process (see column 10, lines 53-56 of Arrow et al.). 
Referring to claims 33-35 : 
Arrow et al. teach: 

Providing a security offload component which performs security session 
establishment and control processing (see e.g. figure 1, element 145 of Arrow et al.); 

Providing a control function in the operating system for initiating operation 
of the security session establishment and control processing by the security offload 
component (see e.g. figure 1, elements 140, 145; column 6, lines 8-23, and column 7, 
lines 7-12 of Arrow et al.). 

Receiving a request at the operating system from the application program 
to initiate a communication with the remote unit (see figure 1, elements 140, 145; 
column 6, lines 8-23, and column 7, lines 7-12 of Arrow et al.). 

Directing the security offload component to secure the communication with 
the remote unit in response to the request (see figure 1, elements 140, 145; column 6, 
lines 8-23, and column 7, lines 7-12 of Arrow et al.). 
Referring to claims 36-37 : 
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Arrow et al. teach the claimed subject matter: providing a security offload 
component which performs security handshake, and a control (see claim 1 above). 
Arrow et al. further disclose: 

Preparing a data packet including data to be communicated to the remote 
unit (see column 7, lines 13-25 of Arrow et al.); 

Reserving space in the data packet for security information (see column 7, 
lines 13-25 of Arrow et al.); 

Passing the data packet including the reserved space to the security 
offload component (see column 7, lines 13-25 of Arrow et al.). 
Referring to claim 38 : 

Arrow et al. teach the claimed subject matter: providing a security offload 
component which performs security handshake, and a control (see claim 1 above). 
Arrow et al. further disclose passing control information from the operating system to the 
security offload component, wherein the control information is passed to the security 
offload component separately from the data packet (see column 8, lines 4-11 of Arrow 
et al.). 

Referring to claim 39 : 

Arrow et al. teach the claimed subject matter: providing a security offload 
component which performs security handshake, and a control (see claim 1 above). 
Arrow et al. further disclose: 

Receiving the data packet at the security offload component (see column 
7, lines 46-64 of Arrow et al.); 

Encrypting the data in the data packet (see column 7, lines 46-64 of Arrow 

etal.); 

Inserting security protocol information in the packet (see column 7, lines 
46-64 of Arrow et al.); 

Transmitting the resulting data packet to the remote unit (see column 7, 
lines 46-64 of Arrow et al.). 
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Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Arrow et al. (U.S. Patent No. 6,175,917), further in view of Brennan et al. (U.S. Patent 
No. 5,931,928). 

Referring to claim 4 : 

i. Arrow et al. teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control function (see 
claim 1 above). However, Arrow et al. do not specifically mention that the operating 
system does not participate in operation of the security handshake processing. 

ii. Brennan et al. disclose a system wherein the offload component 
will take over the handshake processing in lieu of the operating system (see column 27, 
lines 9-16 of Brennan et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Brennan et al. into the 
system of Arrow et al. to let the offload security component to take over the security 
handshake processing. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Brennan et al. into the system of Arrow et al. to let the offload 
security component to be active rather than passive role by taking over ongoing 
handshake processing from the operating system to ensure the successful handshake 
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(see column 27, lines 16-27 of Brennan et al.). By offloading handshake task from the 
cpu, the system response time will be improved significantly. 

6. Claims 5-6, 11-12, 14, 16-18, 20, 22-29 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Arrow et al. (U.S. Patent No. 6,175,917), 
further in view of Weinstein et al. (U.S. Patent No. 6,094,485). 

Referring to claims 5-6 : 

i. Arrow et al. teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control function (see 
claim 1 above). However, Arrow et al. do not explicitly specify the information to be 
used by the security handshake processing. 

ii. Weinstein et al. disclose a process for the client establishing a 
secure communication with the server via a SSL handshake, wherein Weinstein et al. 
disclose a connection such as TCP (see column 4, lines 51-53 of Weinstein et al.); a 
protocol version to be used (see column 9, line 58 of Weinstein et al.); a security role of 
client or server (see column 3, lines 25-26 of Weinstein et al.); the cipher suites to be 
used for selection (see column 3, line 25-26 of Weinstein et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Weinstein et al. into the 
system of Arrow et al. to specify the information needed for security handshake. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Weinstein et al. into the system of Arrow et al. to specify the 
information needed for security handshake, since e.g. the SSL setup, which allows an 
exportable SSL client to negotiate an encrypted session using strong encryption with a 
server if the server is approved for the set up, i.e., if it is allowed to use strong 
encryption (see column 1, lines 35-39 of Weinstein et al.). 

Referring to claim 1 1 : 
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i. Arrow et al. teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control. However, Arrow 
et al. do not specifically mention the operating system provides messages to be used in 
the handshake. 

ii. Weinstein et al. disclose a process for the client establishing a 
secure communication with the server via a security handshake, wherein Weinstein et 
al. disclose that the operating system provides the messages to be used in the security 
handshake (see column 14, lines 20-24 of Weinstein et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Weinstein et al. into the 
system of Arrow et al. to specify the messages needed for security handshake. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Weinstein et al. into the system of Arrow et al. so that the 
operating system provides the messages used for security handshake, because the 
handshake protocol messages must be sent in certain format and order. Sending 
handshake messages in an unexpected order results in a fatal error (see column 14, 
lines 53-55 of Weinstein et al.). 

Referring to claim 12: 

Arrow et al. and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function. Weinstein et al. further disclose a client hello message in the 
handshake, and the client hello message includes a random number structure, which is 
used later in the process (see column 15, lines 17-18 of Weinstein et al.). 

Referring to claim 14: 

Arrow et al. and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function. Weinstein et al. further disclose a server hello message in the 
handshake, and the server hello message includes a random number structure, which is 
used later in the process (see column 16, lines 35-41 of Weinstein et al.). 

Referring to claims 16-17: 
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Arrow et al. and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function. Weinstein et al. further disclose a client certificate (see column 18, line 
60 of Weinstein et al.); and a server certificate (see column 17, line 1 of Weinstein et al.) 
to be used for the client-server security handshake. 
Referring to claim 18: 

Arrow et al. and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function. Weinstein et al. further disclose client pre-master security secret (see 
column 19, lines 17-22 of Weinstein et al.). 
Referring to claim 20: 

Arrow et al. and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function. Weinstein et al. further disclose that data encrypted with the public key 
of a given key pair can only be decrypted with the private key (see column 8, lines 12- 
14 of Weinstein et al.). 

Referring to claims 22-23: 

Arrow et al. and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function. Weinstein et al. further disclose the master secret (see column 9, line 
9-10 of Weinstein et al.); the server write key and the client write key (see column 9, line 
20-23 of Weinstein etal.). 

Referring to claims 24-25: 

Arrow et al. and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function. . Weinstein et al. further disclose using a digital signature to sign and 
validate messages transmitted between the client and the server (see column 18, lines 
16-25 of Weinstein et al.). 

Referring to claims 26-29: 
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Arrow et al. and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function. Weinstein et al. further disclose using the message authentication 
code (MAC) to check the integrity of messages transmitted between the client and the 
server (see column 10, lines 39-42 of Weinstein et al.). 

7. Claims 7-8 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Arrow et al. (U.S. Patent No. 6,175,917), further in view of Brennan et al. (U.S. 
Patent No. 5,931,928), and further in view of Weinstein et al. (U.S. Patent No. 
6,094,485). 

Referring to claim 7: 

i. Arrow et al. teach the claimed subject matter: providing a security 
offload component which performs security handshake, and a control function (see 
claim 1 above). However, Arrow et al. do not specifically mention that the operating 
system does not participate in the security handshake processing. Arrow et al. also do 
not explicitly specify the information used for the security handshake. 

ii. Brennan et al. disclose a system wherein the offload component 
will take over the handshake processing in lieu of the operating system (see column 27, 
lines 9-16 of Brennan et al.). On the other hand, Weinstein et al. disclose a process for 
the client establishing a secure communication with the server via a security 
handshake, wherein Weinstein et al. disclose a connection such as TCP (see column 
4, lines 51-53 of Weinstein et al.); a protocol version to be used (see column 9, line 58 
of Weinstein et al.); a security role of client or server (see column 3, lines 25-26 of 
Weinstein et al.); the cipher suites to be used for selection (see column 3, line 25-26 of 
Weinstein et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Brennan et al. into the 
system of Arrow et al. to let the offload security component take over the security 



Application/Control Number: 10/007,581 
Art Unit: 2135 



Page 10 



handshake processing. And It would have been obvious to a person of ordinary skill in 
the art at the time the invention was made to combine the teaching of Weinstein et al. 
into the system of Arrow et al. to specify the information needed for security handshake. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Brennan et al. into the system of Arrow et al. to let the offload 
security component to be active rather than passive role by taking over ongoing 
handshake processing from the operating system to ensure the successful handshake 
(see column 27, lines 16-27 of Brennan et al.). By offloading the handshake task, which 
is often cpu-intensive, the overall system response time will be improved significantly. 
And the ordinary skilled person would have been motivated to have applied the teaching 
of Weinstein et al. into the system of Arrow et al. to specify the information needed for 
security handshake, since e.g. the SSL setup, which allows an exportable SSL client to 
negotiate an encrypted session using strong encryption with a server if the server is 
approved for the set up, i.e., if it is allowed to use strong encryption (see column 1, 
lines 35-39 of Weinstein et al.). 
Referring to claim 8: 

Arrow et al., Brenne et al. and Weinstein et al. teach the claimed subject 
matter: providing a security offload component which performs security handshake, and 
a control function. Weinstein et al. further disclose the segment size (see column 9, 
lines 60-61 of Weinstein et al.), and the sequence numbers (see column 9, line 29 of 
Weinstein et al.) used in the security handshake processing. 

8. Claims 9-10 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Arrow et al. (U.S. Patent No. 6,175,917), further in view of Brennan et al. (U.S. 
Patent No. 5,931,928), further in view of Weinstein et al. (U.S. Patent No. 6,094,485), 
and further in view of Gillon et al. (U.S. Patent No. 5,764,738). 

Referring to claim 9: 
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i. Arrow et al., Brennan et al. and Weinstein et al. teach the claimed 
subject matter: providing a security offload component which performs security 
handshake, and a control function (see claim 7 above). However, they do not 
specifically mention that the offload component sends a message to the operating 
system upon completion of the handshake processing. 

ii. Gillon et al. disclose a system wherein an offload component sends 
a message to a program upon completion of the handshake processing (see column 4, 
lines 37-42 of Gillon et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Gillon et al. into the system 
of Arrow et al., Brennan et al. and Weinstein et al. to send a message to the operating 
system upon completion of the handshake processing. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Gillon et al. into the system of Arrow et al., Brennan et al. and 
Weinstein et al. to send a message to the operating system upon completion of the 
handshake processing, so that the operating system can start using the secure 
communication set up by the security offload component. 

Referring to claim 10: 

Arrow et al., Brennan et al., Weinstein et al. and Gillon et al. teach the 
claimed subject matter: providing a security offload component which performs security 
handshake, and a control function. Weinstein et al. further disclose the information 
available upon completion of the security handshake: the identifier of the secure session 
(see column 8, line 66 of Weinstein et al.); the server write key and the client write key 
(see column 9, line 20-23 of Weinstein et al.); the sequence numbers (see column 9, 
line 29 of Weinstein et al.); the cipher suite (see column 9, line 5-8 of Weinstein et al.); 
the protocol version (see column 9,, lines 58-59 of Weinstein et al.); and the digital 
signature (see column 18, lines 16-25 of Weinstein et al.). 
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9. Claims 30-32 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Arrow et al. (U.S. Patent No. 6,175,917), further in view of Weinstein et al. (U.S. 
Patent No. 6,094,485), and further in view of Gillon et al. (U.S. Patent No. 5,764,738). 

Referring to claim 30: 

i. Arrow et al., and Weinstein et al. teach the claimed subject matter: 
providing a security offload component which performs security handshake, and a 
control function (see claim 11 above). However, they do not specifically mention that 
the offload component sends a message to the operating system upon completion of 
the handshake processing. 

ii. Gillon et al. disclose a system wherein an offload component sends 
a message to a program upon completion of the handshake processing (see column 4, 
lines 37-42 of Gillon etal.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Gillon et al. into the system 
of Arrow et al. and Weinstein et al. to send a message to the operating system upon 
completion of the handshake processing. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Gillon et al. into the system of Arrow et al. and Weinstein et al. 
to send a message to the operating system upon completion of the handshake 
processing, so that the operating system can start using the secure communication set 
up by the security offload component. 

Referring to claim 31-32: 

Arrow et al., Weinstein et al. and Gillon et al. teach the claimed subject 
matter: providing a security offload component which performs security handshake, and 
a control function. Weinstein et al. further disclose the information available upon 
completion of the security handshake: the identifier of the secure session (see column 

8, line 66 of Weinstein et al.); the server write key and the client write key (see column • 

9, line 20-23 of Weinstein et al.); the sequence numbers (see column 9, line 29 of 
Weinstein et al.); the cipher suite (see column 9, line 5-9 of Weinstein et al.); the 
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protocol version (see column 9, lines 58-59 of Weinstein et al.); and the digital signature 
(see column 18, lines 16-25 of Weinstein et al.). 



Response to Arguments 

10. Applicant's arguments filed on August 24, 2005 have been fully 
considered but they are not persuasive. 
Applicant argues that: 

"It is instructive to note that the system described by Arrow, the security 
processing is not controlled by the VPN client. Rather, the VPN units are controlled by a 
VPN management station 160 "through commands and configuration information 
transmitted to the respective VPN unit" through a public network" 

Examiner maintains that: 

When VPN units couple remote clients and to public network (see figure 1, 
elements 145, 155 of Arrow et al.), in one embodiment, VPN 145 and 155 are 
implemented as hardware modules. In another embodiment, VPN units 145, 155 are 
implemented as software modules within remote units 140 and 150 respectively (see 
column 6, lines 8-23 of Arrow et al.). When VPN units 145, 155 are implemented as 
software, the VPN units 145, 155 operates in conjunction with the communication 
software for connecting remote client to its associated Internet Service Provider (ISP) 
(see page 7, lines 7-12 of Arrow et al.). Therefore, for remote clients, VPN units 145, 
155 are not controlled by the VAN management station 160 "through commands and 
configuration information transmitted to the respective VPN unit" through a public 
network. 

Applicant argues that: 

"Applicant note that the "operating system kernel" recited in claim 3 refers 
to an operating system kernel of a local unit which provides a request to a security 
offload component. In contrast, the "operating system 116" of Arrow refers to an 
operating system of the VPN" 
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Examiner maintains that: 

For remote clients (see figure 1, elements 140, 150 of Arrow et al.), the 
operating system refers to the operating system running in the client machine. 
Applicant argues that: 

"In the system of Arrow, security processing is performed by the VPN units 
in a manner that is transparent to the clients." 
Examiner maintains: 

When VPN units couple remote clients and to public network (see figure 1 , 
elements 145, 155 of Arrow et al.), in one embodiment, VPN 145 and 155 are 
implemented as hardware modules. In another embodiment, VPN units 145, 155 are 
implemented as software modules within remote units 140 and 150 respectively (see 
column 6, lines 8-23 of Arrow et al.). When VPN units 145, 155 are implemented as 
software, the VPN units 145, 155 operates in conjunction with the communication 
software for connecting remote client to its associated Internet Service Provider (ISP) 
(see page 7, lines 7-12 of Arrow et al.). 



Conclusion 

11. The prior art of record and not relied upon is considered pertinent to 
applicant's disclosure. 

(a) Rowney et al. (U.S. Patent No. 5,987,140) disclose secure 
transmission of data between a plurality of computer systems over a public 
communication system, such as the Internet. 

(b) Boucher et al. (U.S. Patent No. 6,434,620) disclose an intelligent 
network interface card (INIC) or communication processing device (CPD) works with a 
host computer for data communication. 

Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office Action. Accordingly, THIS ACTION IS MADE FINAL. See 
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MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37CFR 1.136(a). 



THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Joseph Pan whose telephone number is 571-272- 



examiner's supervisor, Kim Vu Can be reached at 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 571- 
273-6300. 



or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



A shortened statutory period for reply to this final action is set to expire 



5987. 



If attempts to reach the examiner by telephone are unsuccessful, the 



Any inquiry of a general nature or relating to the status of this application 



Joseph Pan 
October 11, 2005 




